FoF Terms, ask your users to accept TOS and Privacy Policy

Pollux · May 11, 2018

clarkwinkelmann The "terms updated at" value should be seen as "everybody who accepted prior to that date now has to accept again". Meaning, it has to be in the past or everybody will always be matched and nobody will be able to pass ?

First I understood your extension in a way that each update would have its own entry in the flagrow_terms_policies table. I later understood that this is not the way your extension works and also that this approach wouldn't make a lot of sense either. The way you've organized the policies makes a lot more sense, but now you have to know which version of a given policy has been accepted and this can be achieved by comparing the date of the last version and the date of the last acceptance. A lean and simple approach with the only drawback of missing grace periods. But that's absolutely OK with me.

I wanted to implement some kind of versioning, but it's a bit more complex.

Thinking about versions of policies and grace periods, I realised too that this get's complicated soon. Let's for example look at the situation, where a user has accepted version 5, version 6 is due and version 7 is announced (grace period). Should we offer both versions 6 and 7 for acceptance? Should we offer version 7 first and in case of decline come up with version 6 which can't be declined? What about overlapping grace periods? This can easily become very confusing.

clarkwinkelmann Regarding the ability to close the modal while still being blocked I will try to implement it as soon as possible.

Great.

I have found one bug in my installation, but I'm not sure whether this is due to my difficulties during installation. If I check the Terms accept state of a user, I can't see the accept date, it just shows:

Policy 1: Accepted at ,[object Object]
Policy 2: Not accepted

Policy 1 had been accepted before, policy 2 had not.

Edit: The date in the database looks unsuspicious to me:

 policy_id    user_id    accepted_at
	 1	    1 	 2018-05-11 09:37:06

luceos · May 11, 2018

Pollux Policy 1: Accepted at ,[object Object]

It's most likely a Carbon object, the Laravel version of a DateTime PHP class.

clarkwinkelmann · May 11, 2018

luceos you can use the conflict key in composer:

@Ralkage is already adding the conflict key to User Management. We could add it as well.

Pollux Should we offer both versions 6 and 7 for acceptance? Should we offer version 7 first and in case of decline come up with version 6 which can't be declined? What about overlapping grace periods? This can easily become very confusing.

Indeed. The current version is the only simple solution that works no matter what I guess.

Pollux Accepted at ,[object Object]

I will have to investigate that... I thought that was handled.

sarneeh · May 11, 2018

Amazing! Was just thinking about GDPR compliance for my forum and stumbled upon this. Thank you! ?

Zeokat · May 12, 2018

Very usefull extension, laws are important and we need to keep forums safe.

clarkwinkelmann · May 13, 2018

Version 0.2.0 released.

Update with:

composer require flagrow/terms
php flarum cache:clear

What's new ?

Less intrusive notifications

Users can now always close the "terms update" modal so it doesn't block access to other pages and features like logout.

Additionally the "terms update" modal now only opens on the frontpage. That way it opens after login or after coming back to the website, but not if you open the terms of use page that are in a discussion or custom page in another tab to read them for example.

As long as you haven't accepted the new terms a banner will prompt you to do it:

Users who are allowed to skip the terms update don't have their accounts restricted and can dismiss the banner if they want. The banner will be back on next page refresh.

Clicking the "click here" link opens the same modal as you get when loading the homepage (the same as in version 0.1)

Policies data export

There is now an /api/flagrow/terms/policies/<policy id>/export.json url to export the data about a given policy. The endpoint will return a simple list of emails and accept time. You can get them as CSV by using export.csv instead.

More options are available, see the wiki https://github.com/flagrow/terms/wiki/Export-url

You can copy the url including the policy ID via the policy settings.

Date format

You can now choose the format which will be used to show "updated at" to the user. That way you can choose if you want to include the hour or day of week for example. The option to completely hide the update date is still there.

Other stuff

Added french translation
Fixed commas appearing out of nowhere in some texts
Marked the extension as conflicting with reflar/user-management. You won't be able to update to 0.2 if you have reflar/user-management installed !

Spanish translation is incomplete for version 0.2. PR welcome to fix it. Translations in other languages are welcome as well !

ganuonglachanh · May 14, 2018

clarkwinkelmann Well done, thank you very much!

m4rny · May 18, 2018

Great extension! Have you considered adding a choice which conditions are required and which are not? To distinguish between those that need to be checked as a condition of registration, from those that are not required. Quite important in the light of the introduction of the new GDPR rules.

Perhaps an option to mark all approvals at once? Sometimes there are several of them, it would be easier for the user.

clarkwinkelmann · May 18, 2018

m4rny Have you considered adding a choice which conditions are required and which are not?

Yes I've thought of that but couldn't find any useful use case. If something is optional, it's usually connected to something else and would make more sense as a separate extension. For example a newsletter opt-in would be better handled by a separate extension adding its own checkbox and syncing the state accordingly.

What would you like to use that feature for ?

m4rny Perhaps an option to mark all approvals at once?

I don't think it's worth it (you usually will have 1 to 2 checkboxes only right ?) and I'm also afraid this might not be GDPR-compliant.

ChristianFrankenstein · May 18, 2018

m4rny

GDPR still requires an explicit consent to data processing. Only the data privacy policy and terms are not enough. My example for a better way ?

Create a policy with name "Data processing" and with NO URL. So you have a checkbox that must be checked off without linking.

clarkwinkelmann · May 18, 2018

ChristianFrankenstein data processing should be an optional opt-in ?

Your setup looks fine.

ChristianFrankenstein · May 18, 2018

You need a "accept data processing" for all forms with user data but not for contact forms.

Blog Comments, Forum Registration, Shop Orders, Image uploads, ...

clarkwinkelmann · May 19, 2018

ChristianFrankenstein oops I actually thought you were the one asking the question earlier (that was m4rny )

I thought your message was a follow-up to my query about optional checks.

You were just showing how to add the data processing check ? Nice ?

By the way it's not really said in the extension but all policies fields are optional (except name). If you don't put any link it handles it fine as we can see above ?

m4rny · May 19, 2018

clarkwinkelmann Yes I've thought of that but couldn't find any useful use case. If something is optional, it's usually connected to something else and would make more sense as a separate extension. For example a newsletter opt-in would be better handled by a separate extension adding its own checkbox and syncing the state accordingly.

Yes, it makes sense, thanks for the answer.

What would you like to use that feature for ?

I need to add up to 4 separate conditions for acceptance - 3 required, 1 not, ~~but for this one I will use the solution described in this thread~~.

edit:
Scratch that. I said it too early. The idea is that the user could, but he did not have to agree to something. For example, if you are asked to give marketing consent. According to the law, I can not demand it. In this situation, even if he does not check such options, he should still be able to register.

But I have a different suggestion now, the ability to change (or leave empty) the label of the "I agree" checkbox for each policy separately. In this way you will be able to use a different form, for example:

I accept
I agree (to the)

ChristianFrankenstein

I have a similar solution, three check boxes and these are required, but I still need a fourth one, which can be but does not have to be ticked. I want users to agree to receive advertising materials electronically, but I can not demand that from them.

In this way, I will be able to create a database request for emails of people who have agreed to receive such materials and send them information from time to time, e.g. about promotions.

ChristianFrankenstein · May 19, 2018

Advertising Materials = Newsletter?
You can try this:
1. Go to appearance and create a custome header.
2. Use Javascript in this custome header to search string "I accept the <span>Newsletter"
and replace it via javascript in "I aree to the <span>Newsletter"
3. finish

BUT!!!!!
DSGVO / GDPR requires encrypted data transmission. Only https may be used. This applies to all websites where users can store private data. private and commercial websites.

clarkwinkelmann · May 19, 2018

m4rny the ability to change (or leave empty) the label of the "I agree" checkbox for each policy separately

I thought about multiple options regarding that. I see two main parts that users might want to customize:

The "accept" verb: you might want to replace "I accept" with "I approve", "I conscent", ...
The determinant: "the" terms of use, "our" terms of use, "" terms of use, ...

The problem only grows bigger with other languages, in particular when the "policy" gender or number changes the determinant.

So I decided to not handle any particular case. The defaults will work in English with "agree" and "the".

If you need another text, you can just use Flagrow Linguist and alter the translations to your liking. This should solve most problems.

Of course it doesn't solve everything. If various policies have different genders or require a different verb you won't be able to customize it per-translation...

I might add an option to replace the whole i-agree-to-text with something custom. I'm not sure how to inject the link in that though. I'll think about it.

m4rny · May 19, 2018

clarkwinkelmann

At the moment I do not have any free time, but I will try soon dig into the problem myself.

clarkwinkelmann The problem only grows bigger with other languages...

Yep, that's the point exactly. ?

ChristianFrankenstein

Yeah, sure I can, but I do not want it to be the target solution, although probably at the beginning it will be enough, later I will think about something permanent and cleaner. ?

Pollux · May 20, 2018

clarkwinkelmann The problem only grows bigger with other languages, in particular when the "policy" gender or number changes the determinant.

I have exactly this problem (genders in German). I solved it by always using plural forms (policies, rules, declarations) as in the plural form the article is the same for all genders.

clarkwinkelmann I might add an option to replace the whole i-agree-to-text with something custom. I'm not sure how to inject the link in that though.

The easiest way would be to allow html tags inside the i-agree-to-text, so the link would have to be inserted by hand.

Mmanny · May 22, 2018

Very helpful extension!
Can user register their accounts without accepting tos? I have tried in safari which I was able to register myself without accepting tos. If it is meant to be required, I'll submit a issue in your repo.

clarkwinkelmann · May 22, 2018

manny you shoudn't be able to skip the TOS when registering.

Do you have the Reflar User Management installed/enabled ? If that's the case it's expected as the extensions can't work together.

Waiting on your issue to troubleshoot that ?